Implement operator role for apps

There are two main use cases:
* A consultant/contractor/external developer is given access to just an app.
* A "service" personnel (say upstream app author) is to be given access to single app
for debugging.

Since, this is an "app admin", they are also given access to apps to be consistent with
the idea that Cloudron admin has access to all apps.

part of #791

src/routes/apps.js

@@ -17,6 +17,7 @@ exports = module.exports = {
     repair,
 
     setAccessRestriction,
+    setOperators,
     setLabel,
     setTags,
     setIcon,
@@ -44,7 +45,6 @@ exports = module.exports = {
     uploadFile,
     downloadFile,
 
-
     load
 };
 
@@ -171,6 +171,18 @@ async function setAccessRestriction(req, res, next) {
     next(new HttpSuccess(200, {}));
 }
 
+async function setOperators(req, res, next) {
+    assert.strictEqual(typeof req.body, 'object');
+    assert.strictEqual(typeof req.app, 'object');
+
+    if (typeof req.body.operators !== 'object') return next(new HttpError(400, 'operators must be an object'));
+
+    const [error] = await safe(apps.setOperators(req.app, req.body.operators, auditSource.fromRequest(req)));
+    if (error) return next(BoxError.toHttpError(error));
+
+    next(new HttpSuccess(200, {}));
+}
+
 async function setLabel(req, res, next) {
     assert.strictEqual(typeof req.body, 'object');
     assert.strictEqual(typeof req.app, 'object');